Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My malware....(help!)

Post by Yonex » February 20th, 2006, 12:10 am

Here is my log
Logfile of HijackThis v1.99.1
Scan saved at 10:06:39 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\asuskbservice.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
D:\Program Files\HijackThis\HijackThis.exe

O1 - Hosts: 62.75.224.159 home.edonkey2000.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [jyvaeqeA] C:\WINDOWS\jyvaeqeA.exe
O4 - HKLM\..\Run: [ms032541592208] C:\WINDOWS\ms032541592208.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hr8405lqe.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jyvaeqe.exe (file missing)
Yonex
Active Member
 
Posts: 4
Joined: February 20th, 2006, 12:08 am

Post by Rogue » February 20th, 2006, 2:50 pm

Hi Yonex,

Welcome to MalWare Removal


I noticed you have Norton AV and Kaspersky AV. Two is not better. Is one or the other's subscription expired? If one is, then that is the one you want to remove. Running two can cause conflicts and lessen your protection.

Ready? Let's go.

Please do the following:

Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:

C:\WINDOWS\system32\hr8405lqe.dll

Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

==========

Spybot Download, Update & Run

Spybot S&D is available from here.

Download and Install Spybot S&D (if you haven't already), accept the Default Settings
In the Menu Bar at the top of the Spybot window you will see Mode.
Make certain that 'Default Mode' has a check mark beside it.
Close ALL windows except Spybot S&D
Click the button to 'Search for Updates' then download and install the updates.
Next click the button 'Check for Problems'
When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window.
Make certain there is a check mark beside all of the RED entries ONLY.
Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.
==========

Download and install Ewido Anti-Malware

During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu

Check for updates
Do not run it yet
==========

Download ATF Cleaner by Atribune and save it to your Desktop.
==========

Disconnect from the internet and unplug your modem
==========

Press Ctrl+Alt+Delete. Click on the Processes tab and end the following process:

netmon.exe

===========

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
==========

Please go to:
Start
Control panel
Add/Remove programs

Find and remove these programs (if they are present)

SurfSideKick 3

(If some programs listed are not present, please do not panic)

If there is no Add/Remove Programs entry for this program, click on Start, then Run, and type the following in the Open: field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.
=========

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O1 - Hosts: 62.75.224.159 home.edonkey2000.com
O4 - HKLM\..\Run: [jyvaeqeA] C:\WINDOWS\jyvaeqeA.exe
O4 - HKLM\..\Run: [ms032541592208] C:\WINDOWS\ms032541592208.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jyvaeqe.exe (file missing)

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
==========

Please print the instructions below or copy and paste to Notepad since you will not have internet access while in safe mode.
Then reboot your computer
As soon as it starts to boot, rapidly press the f8 key.
Select Safe Mode from the menu
If you are still unsure, see here
==========

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following files. If found, delete the following files (some may not be present after previous steps):

C:\WINDOWS\jyvaeqeA.exe
C:\WINDOWS\ms032541592208.exe
C:\windows\gimmygames9.exe
C:\windows\winsysban9.exe
C:\WINDOWS\SYSC00.exe

Again using Windows Explorer, navigate to and find the following folders. If found, delete the following folders (some may not be present after previous steps):

C:\Program Files\SurfSideKick 3
C:\Program Files\Network Monitor
==========

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
==========

Run ewido Malware Remover

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
Select "none" as the action. Check "Perform action with all infections".
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!
==========

Reboot your PC in Normal Mode
==========

Run an online virus scan called Kaspersky from here.

1. Click on "Kaspersky Online Scanner".
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" > "Scan Settings", and make sure the database is set to "extended". Check both the scan options, then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.
==========

Post a new HJT Log
Post ewido Log
Post Kaspersky Log
Info on hr8405lqe.dll
Let me know how your system is running

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Post by Yonex » February 20th, 2006, 7:06 pm

Here is my new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 5:04:06 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6807jue.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Here is ewido anti-malware

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:40:01 PM, 2/20/2006
+ Report-Checksum: 811FD8FD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Ignored
[728] C:\WINDOWS\system32\fxntext.dll -> Adware.Look2Me : Ignored
[836] C:\WINDOWS\system32\fxntext.dll -> Adware.Look2Me : Ignored
C:\Program Files\Microsoft AntiSpyware\Quarantine\4A772166-B129-48E3-A68E-142D29\117800EB-8495-4848-A842-34D812 -> Adware.Gator : Ignored
C:\Program Files\Microsoft AntiSpyware\Quarantine\6B0161B8-0D49-40F4-BB5B-251B19\F632C693-2415-4B5A-8A05-4A6DFF -> Adware.Altnet : Ignored
C:\Program Files\Microsoft AntiSpyware\Quarantine\7620D241-0CCC-46C4-B7BC-1F8574\D68D0F3E-041D-41C2-B354-1BC058 -> Adware.Gator : Ignored
C:\WINDOWS\system32\avsnt.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\d6j0lg1m16.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\ddquery.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\dpmstor.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\dy16gt.dLL -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\en64l1jq1.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\en8ul1l91.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\enjol1131.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\f0l00a3med.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\gp84l3lq1.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\gpp6l37s1.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\h0n00a5med.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\h24mlch11f4.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\hrnm0551e.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\hrp0057me.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\i4060edseh060.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\i460lejm1hoa.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\i4jq0e15eh.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\ir04l5dq1.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\irlul5391.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\jt8407lqe.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\k6080gdue6080.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\krdcr.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\ktn6l75s1.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\l60ulgd9160.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\lpcalsec.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\lvr8099ue.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\m6ju0g19e6.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\mhexcl40.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\mjcorier.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\mv0ol9d31.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\mxrd3x40.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\nelanman.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\o0pqla751d.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\p0p60a7sed.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\pHpgraph.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\r08slal71dq.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\rGsppp.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\rnvpmsg.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\t08u0al9edq.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\system32\ugl.dll -> Adware.Look2Me : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@epilot[1].txt -> TrackingCookie.Epilot : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@kmpads[1].txt -> TrackingCookie.Kmpads : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@overture[1].txt -> TrackingCookie.Overture : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@paypopup[2].txt -> TrackingCookie.Paypopup : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@starware[2].txt -> TrackingCookie.Starware : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignored
C:\WINDOWS\Temp\Cookies\josh foh@www.epilot[1].txt -> TrackingCookie.Epilot : Ignored


::Report End

And for that file you told me to scan, I think it changed its name and this is what I got:

Service load: 0% 100%

File: jt8407lqe.dll
Status: INFECTED/MALWARE
MD5 350dd533e698a6a7fd2c267313ac0144
Packers detected: -
Scanner results
AntiVir Found Adware-Spyware/Look2Me.ab adware
ArcaVir Found Adware.Looktome.At
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Adware.Dinky.A.Trojan
ClamAV Found Adware.Lookme-26
Dr.Web Found Adware.Look2me
F-Prot Antivirus Found nothing
Fortinet Found Adware/Look2me
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Look2Me.ab
NOD32 Found Win32/Adware.Look2Me application
Norman Virus Control Found W32/Look2Me.DJ
UNA Found nothing
VBA32 Found nothing

And I can't get the Kaspersky scan to work because it keeps switching to a pop-up page.
Yonex
Active Member
 
Posts: 4
Joined: February 20th, 2006, 12:08 am
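The two HijackThis logs above differ in ways that are easy to miss by eye, most importantly the O20 Winlogon Notify entry, which shows a different subkey name and DLL after the cleanup. The following is an added example, not part of the original posts and not a HijackThis or forum tool: a small Python diff of two logs that reports removed and new entries and singles out Notify DLLs that appear only in the later scan. The function names are my own, and the sample lines are a constructed excerpt of the two logs in this thread.

```python
"""Diff two HijackThis logs: what a cleanup removed, and what came back."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2})\s+-\s+(.+)$")
# O20 Winlogon Notify lines: "Winlogon Notify: <subkey> - <dll path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(.+?)\s+-\s+(.+)$")

# Constructed sample: a few lines excerpted from the first log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\htpatch.exe
O1 - Hosts: 62.75.224.159 home.edonkey2000.com
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [jyvaeqeA] C:\WINDOWS\jyvaeqeA.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hr8405lqe.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Constructed sample: the matching lines from the second (post-cleanup) log.
AFTER = r"""
Running processes:
C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6807jue.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
"""


def parse_hjt(log_text):
    """Return the set of result entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2).strip()))
    return entries


def _sort_key(entry):
    # Order O1, O4, O20, O23 numerically rather than as strings.
    return (entry.code[0], int(entry.code[1:]), entry.detail)


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    return sorted(old - new, key=_sort_key), sorted(new - old, key=_sort_key)


def notify_dlls(log_text):
    """Map each Winlogon Notify subkey name to its DLL path."""
    result = {}
    for entry in parse_hjt(log_text):
        if entry.code == "O20":
            match = NOTIFY_RE.match(entry.detail)
            if match:
                result[match.group(1)] = match.group(2)
    return result


def respawned_notify(before, after):
    """Notify DLLs in the later log whose path was absent from the earlier one.

    A hit means the old entry was not simply left behind: something
    registered a different DLL between the two scans and needs review.
    """
    old_paths = {path.lower() for path in notify_dlls(before).values()}
    return {
        name: path
        for name, path in notify_dlls(after).items()
        if path.lower() not in old_paths
    }


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        print("removed:", entry.code, "-", entry.detail)
    for entry in added:
        print("new:    ", entry.code, "-", entry.detail)
    for name, path in respawned_notify(BEFORE, AFTER).items():
        print("review Winlogon Notify:", name, "->", path)
```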

Post by Rogue » February 20th, 2006, 7:10 pm

Hi Yonex,

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Post by Yonex » February 20th, 2006, 7:18 pm

Alright here it is

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt6807jue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1606BB04-4171-293A-DFB5-234E4CD0CC3F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"="The Core Media Player Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}"=""
"{6B172929-E998-4E8D-B038-904543FA36A9}"=""
"{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}"=""
"{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}"=""
"{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}"=""
"{E708D47B-17F1-4751-8A0F-799C1754B3B9}"=""
"{76DF4805-E5DC-40F1-BE65-3A2800E585F2}"=""
"{B7CFD13D-3164-4A7F-B52E-7271E250B792}"=""
"{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}"=""
"{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}"=""
"{52B3FBD9-13B6-4489-9341-B32DC61C2620}"=""
"{16D7F218-5FC8-43E4-B53E-17229F849963}"=""
"{77399226-C1EC-4D99-98D3-47FCDB7F9470}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\whwfaxui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\InprocServer32]
@="C:\\WINDOWS\\system32\\cobjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\InprocServer32]
@="C:\\WINDOWS\\system32\\dQd9.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxapsspc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\InprocServer32]
@="C:\\WINDOWS\\system32\\rnvpmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\InprocServer32]
@="C:\\WINDOWS\\system32\\lpcalsec.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nelanman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhexcl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\InprocServer32]
@="C:\\WINDOWS\\system32\\cimsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\InprocServer32]
@="C:\\WINDOWS\\system32\\ugl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\InprocServer32]
@="C:\\WINDOWS\\system32\\dpmstor.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\InprocServer32]
@="C:\\WINDOWS\\system32\\gjkrsrc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
avsnt.dll Sun Feb 19 2006 3:44:04p ..S.R 234,591 229.09 K
browseui.dll Wed Nov 23 2005 7:06:34p A.... 1,022,464 998.50 K
d6j0lg~1.dll Fri Feb 17 2006 9:59:48p A.... 235,945 230.41 K
ddquery.dll Sun Feb 19 2006 12:15:32p ..S.R 236,896 231.34 K
dpmstor.dll Sun Feb 19 2006 5:09:48p ..S.R 236,111 230.57 K
dy16gt.dll Sun Feb 19 2006 11:47:38a ..S.R 236,896 231.34 K
en64l1~1.dll Sun Feb 19 2006 1:17:46p ..S.R 236,034 230.50 K
en8ul1~1.dll Fri Feb 17 2006 10:47:30p A.... 234,238 228.75 K
enjol1~1.dll Fri Feb 17 2006 9:52:34p A.... 235,649 230.13 K
f0l00a~1.dll Sun Feb 19 2006 12:59:34p ..S.R 233,540 228.07 K
gdi32.dll Wed Dec 28 2005 8:54:36p A.... 280,064 273.50 K
gjkrsrc.dll Mon Feb 20 2006 3:42:34p ..S.R 235,144 229.63 K
gp84l3~1.dll Sun Feb 19 2006 8:25:16a ..S.R 235,639 230.11 K
gpp6l3~1.dll Fri Feb 17 2006 11:16:16p A.... 237,312 231.75 K
h0n00a~1.dll Mon Feb 20 2006 1:59:14p A.... 234,251 228.76 K
h24mlc~1.dll Fri Feb 17 2006 9:29:30p A.... 235,414 229.89 K
hrnm05~1.dll Sun Feb 19 2006 4:29:20p ..S.R 236,266 230.73 K
hrp005~1.dll Fri Feb 17 2006 9:04:00p A.... 234,347 228.85 K
i4060e~1.dll Fri Feb 17 2006 8:33:00p ..S.R 234,876 229.37 K
i460le~1.dll Sun Feb 19 2006 1:56:12p ..S.R 234,573 229.07 K
i4jq0e~1.dll Sun Feb 19 2006 4:52:54p ..S.R 236,111 230.57 K
ir04l5~1.dll Sun Feb 19 2006 12:13:48p ..S.R 235,639 230.11 K
irlul5~1.dll Sun Feb 19 2006 9:43:52a ..S.R 234,215 228.72 K
jt6807~1.dll Mon Feb 20 2006 2:45:58p ..S.R 235,144 229.63 K
jt8407~1.dll Fri Feb 17 2006 11:29:18p ..S.R 236,126 230.59 K
k6080g~1.dll Fri Feb 17 2006 9:59:38p ..S.R 234,929 229.42 K
krdcr.dll Sun Feb 19 2006 1:13:08p ..S.R 234,573 229.07 K
ktn6l7~1.dll Sun Feb 19 2006 1:21:50p ..S.R 236,230 230.69 K
l60ulg~1.dll Sun Feb 19 2006 3:44:04p ..S.R 236,497 230.95 K
lpcalsec.dll Sun Feb 19 2006 4:15:00p ..S.R 236,111 230.57 K
lvr809~1.dll Sun Feb 19 2006 4:33:48p ..S.R 237,010 231.45 K
m6ju0g~1.dll Sun Feb 19 2006 3:51:56p ..S.R 234,591 229.09 K
mhexcl40.dll Sun Feb 19 2006 4:29:46p ..S.R 236,111 230.57 K
mjcorier.dll Sun Feb 19 2006 9:43:52a ..S.R 235,639 230.11 K
mshtml.dll Wed Nov 23 2005 7:06:34p A.... 3,015,680 2.88 M
mv0ol9~1.dll Sun Feb 19 2006 8:58:02a ..S.R 235,639 230.11 K
mxrd3x40.dll Sun Feb 19 2006 3:47:50p ..S.R 234,591 229.09 K
nelanman.dll Sun Feb 19 2006 4:23:22p ..S.R 236,111 230.57 K
o0pqla~1.dll Sun Feb 19 2006 4:23:22p ..S.R 234,033 228.55 K
p0p60a~1.dll Sun Feb 19 2006 10:39:48p ..S.R 236,111 230.57 K
p24ulc~1.dll Mon Feb 20 2006 3:42:34p ..S.R 237,086 231.53 K
phpgraph.dll Sun Feb 19 2006 12:54:32p ..S.R 236,896 231.34 K
r08sla~1.dll Fri Feb 17 2006 11:18:40p ..S.R 234,138 228.65 K
rgsppp.dll Mon Feb 20 2006 2:00:06p ..S.R 234,201 228.71 K
rnvpmsg.dll Sun Feb 19 2006 4:03:14p ..S.R 236,111 230.57 K
s32evnt1.dll Tue Jan 31 2006 2:35:34p A.... 91,904 89.75 K
shdocvw.dll Wed Nov 30 2005 9:59:30p A.... 1,492,480 1.42 M
t08u0a~1.dll Sun Feb 19 2006 1:24:54p ..S.R 234,573 229.07 K
ugl.dll Sun Feb 19 2006 5:07:30p ..S.R 236,111 230.57 K
webclnt.dll Tue Jan 3 2006 9:35:06p A.... 68,096 66.50 K
wmp.dll Tue Dec 6 2005 6:02:16a A.... 5,533,696 5.28 M

51 items found: 51 files (37 H/S), 0 directories.
Total of file sizes: 21,866,633 bytes 20.85 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 7C21-1018

Directory of C:\WINDOWS\System32

02/20/2006 03:42 PM 235,144 gjkrsrc.dll
02/20/2006 03:42 PM 237,086 p24ulch91f4.dll
02/20/2006 02:45 PM 235,144 jt6807jue.dll
02/20/2006 02:00 PM 234,201 rGsppp.dll
02/19/2006 10:39 PM 236,111 p0p60a7sed.dll
02/19/2006 05:09 PM 236,111 dpmstor.dll
02/19/2006 05:07 PM 236,111 ugl.dll
02/19/2006 04:52 PM 236,111 i4jq0e15eh.dll
02/19/2006 04:33 PM 237,010 lvr8099ue.dll
02/19/2006 04:29 PM 236,111 mhexcl40.dll
02/19/2006 04:29 PM 236,266 hrnm0551e.dll
02/19/2006 04:23 PM 236,111 nelanman.dll
02/19/2006 04:23 PM 234,033 o0pqla751d.dll
02/19/2006 04:14 PM 236,111 lpcalsec.dll
02/19/2006 04:03 PM 236,111 rnvpmsg.dll
02/19/2006 03:51 PM 234,591 m6ju0g19e6.dll
02/19/2006 03:47 PM 234,591 mxrd3x40.dll
02/19/2006 03:44 PM 234,591 avsnt.dll
02/19/2006 03:44 PM 236,497 l60ulgd9160.dll
02/19/2006 01:56 PM 234,573 i460lejm1hoa.dll
02/19/2006 01:24 PM 234,573 t08u0al9edq.dll
02/19/2006 01:21 PM 236,230 ktn6l75s1.dll
02/19/2006 01:17 PM 236,034 en64l1jq1.dll
02/19/2006 01:13 PM 234,573 krdcr.dll
02/19/2006 12:59 PM 233,540 f0l00a3med.dll
02/19/2006 12:54 PM 236,896 pHpgraph.dll
02/19/2006 12:15 PM 236,896 ddquery.dll
02/19/2006 12:13 PM 235,639 ir04l5dq1.dll
02/19/2006 11:47 AM 236,896 dy16gt.dLL
02/19/2006 09:43 AM 235,639 mjcorier.dll
02/19/2006 09:43 AM 234,215 irlul5391.dll
02/19/2006 08:58 AM 235,639 mv0ol9d31.dll
02/19/2006 08:25 AM 235,639 gp84l3lq1.dll
02/17/2006 11:29 PM 236,126 jt8407lqe.dll
02/17/2006 11:18 PM 234,138 r08slal71dq.dll
02/17/2006 09:59 PM 234,929 k6080gdue6080.dll
02/17/2006 08:32 PM 234,876 i4060edseh060.dll
02/16/2006 01:59 AM <DIR> dllcache
06/14/2005 11:36 AM 56 C997474BF5.sys
06/14/2005 11:36 AM 10,856 KGyGaAvL.sys
02/11/2005 05:16 PM <DIR> Microsoft
39 File(s) 8,726,005 bytes
2 Dir(s) 5,101,645,824 bytes free
Yonex
Active Member
 
Posts: 4
Joined: February 20th, 2006, 12:08 am

Post by Rogue » February 20th, 2006, 7:50 pm

Hi Yonex,

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer, and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Note: Once the PC has restarted, if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder.

Thanks,
rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Post by Yonex » February 20th, 2006, 8:08 pm

OK, I just did what you instructed, and here are my results.

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 512 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3740 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3524 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\avsnt.dll
Successfully Deleted: C:\WINDOWS\system32\avsnt.dll
Deleting: C:\WINDOWS\system32\d6j0lg1m16.dll
Successfully Deleted: C:\WINDOWS\system32\d6j0lg1m16.dll
Deleting: C:\WINDOWS\system32\ddquery.dll
Successfully Deleted: C:\WINDOWS\system32\ddquery.dll
Deleting: C:\WINDOWS\system32\dpmstor.dll
Successfully Deleted: C:\WINDOWS\system32\dpmstor.dll
Deleting: C:\WINDOWS\system32\dy16gt.dLL
Successfully Deleted: C:\WINDOWS\system32\dy16gt.dLL
Deleting: C:\WINDOWS\system32\en64l1jq1.dll
Successfully Deleted: C:\WINDOWS\system32\en64l1jq1.dll
Deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
Deleting: C:\WINDOWS\system32\enjol1131.dll
Successfully Deleted: C:\WINDOWS\system32\enjol1131.dll
Deleting: C:\WINDOWS\system32\f0l00a3med.dll
Successfully Deleted: C:\WINDOWS\system32\f0l00a3med.dll
Deleting: C:\WINDOWS\system32\gjkrsrc.dll
Successfully Deleted: C:\WINDOWS\system32\gjkrsrc.dll
Deleting: C:\WINDOWS\system32\gp84l3lq1.dll
Successfully Deleted: C:\WINDOWS\system32\gp84l3lq1.dll
Deleting: C:\WINDOWS\system32\gpp6l37s1.dll
Successfully Deleted: C:\WINDOWS\system32\gpp6l37s1.dll
Deleting: C:\WINDOWS\system32\h0n00a5med.dll
Successfully Deleted: C:\WINDOWS\system32\h0n00a5med.dll
Deleting: C:\WINDOWS\system32\h24mlch11f4.dll
Successfully Deleted: C:\WINDOWS\system32\h24mlch11f4.dll
Deleting: C:\WINDOWS\system32\hrnm0551e.dll
Successfully Deleted: C:\WINDOWS\system32\hrnm0551e.dll
Deleting: C:\WINDOWS\system32\hrp0057me.dll
Successfully Deleted: C:\WINDOWS\system32\hrp0057me.dll
Deleting: C:\WINDOWS\system32\i4060edseh060.dll
Successfully Deleted: C:\WINDOWS\system32\i4060edseh060.dll
Deleting: C:\WINDOWS\system32\i460lejm1hoa.dll
Successfully Deleted: C:\WINDOWS\system32\i460lejm1hoa.dll
Deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
Deleting: C:\WINDOWS\system32\ir04l5dq1.dll
Successfully Deleted: C:\WINDOWS\system32\ir04l5dq1.dll
Deleting: C:\WINDOWS\system32\irlul5391.dll
Successfully Deleted: C:\WINDOWS\system32\irlul5391.dll
Deleting: C:\WINDOWS\system32\jt6807jue.dll
Successfully Deleted: C:\WINDOWS\system32\jt6807jue.dll
Deleting: C:\WINDOWS\system32\jt8407lqe.dll
Successfully Deleted: C:\WINDOWS\system32\jt8407lqe.dll
Deleting: C:\WINDOWS\system32\k6080gdue6080.dll
Successfully Deleted: C:\WINDOWS\system32\k6080gdue6080.dll
Deleting: C:\WINDOWS\system32\krdcr.dll
Successfully Deleted: C:\WINDOWS\system32\krdcr.dll
Deleting: C:\WINDOWS\system32\ktn6l75s1.dll
Successfully Deleted: C:\WINDOWS\system32\ktn6l75s1.dll
Deleting: C:\WINDOWS\system32\l60ulgd9160.dll
Successfully Deleted: C:\WINDOWS\system32\l60ulgd9160.dll
Deleting: C:\WINDOWS\system32\lpcalsec.dll
Successfully Deleted: C:\WINDOWS\system32\lpcalsec.dll
Deleting: C:\WINDOWS\system32\lvr8099ue.dll
Successfully Deleted: C:\WINDOWS\system32\lvr8099ue.dll
Deleting: C:\WINDOWS\system32\m6ju0g19e6.dll
Successfully Deleted: C:\WINDOWS\system32\m6ju0g19e6.dll
Deleting: C:\WINDOWS\system32\mhexcl40.dll
Successfully Deleted: C:\WINDOWS\system32\mhexcl40.dll
Deleting: C:\WINDOWS\system32\mjcorier.dll
Successfully Deleted: C:\WINDOWS\system32\mjcorier.dll
Deleting: C:\WINDOWS\system32\mv0ol9d31.dll
Successfully Deleted: C:\WINDOWS\system32\mv0ol9d31.dll
Deleting: C:\WINDOWS\system32\mxrd3x40.dll
Successfully Deleted: C:\WINDOWS\system32\mxrd3x40.dll
Deleting: C:\WINDOWS\system32\nelanman.dll
Successfully Deleted: C:\WINDOWS\system32\nelanman.dll
Deleting: C:\WINDOWS\system32\o0pqla751d.dll
Successfully Deleted: C:\WINDOWS\system32\o0pqla751d.dll
Deleting: C:\WINDOWS\system32\p0p60a7sed.dll
Successfully Deleted: C:\WINDOWS\system32\p0p60a7sed.dll
Deleting: C:\WINDOWS\system32\p24ulch91f4.dll
Successfully Deleted: C:\WINDOWS\system32\p24ulch91f4.dll
Deleting: C:\WINDOWS\system32\pHpgraph.dll
Successfully Deleted: C:\WINDOWS\system32\pHpgraph.dll
Deleting: C:\WINDOWS\system32\r08slal71dq.dll
Successfully Deleted: C:\WINDOWS\system32\r08slal71dq.dll
Deleting: C:\WINDOWS\system32\rGsppp.dll
Successfully Deleted: C:\WINDOWS\system32\rGsppp.dll
Deleting: C:\WINDOWS\system32\rnvpmsg.dll
Successfully Deleted: C:\WINDOWS\system32\rnvpmsg.dll
Deleting: C:\WINDOWS\system32\t08u0al9edq.dll
Successfully Deleted: C:\WINDOWS\system32\t08u0al9edq.dll
Deleting: C:\WINDOWS\system32\ugl.dll
Successfully Deleted: C:\WINDOWS\system32\ugl.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt6807jue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\avsnt.dll
C:\WINDOWS\system32\d6j0lg1m16.dll
C:\WINDOWS\system32\ddquery.dll
C:\WINDOWS\system32\dpmstor.dll
C:\WINDOWS\system32\dy16gt.dLL
C:\WINDOWS\system32\en64l1jq1.dll
C:\WINDOWS\system32\en8ul1l91.dll
C:\WINDOWS\system32\enjol1131.dll
C:\WINDOWS\system32\f0l00a3med.dll
C:\WINDOWS\system32\gjkrsrc.dll
C:\WINDOWS\system32\gp84l3lq1.dll
C:\WINDOWS\system32\gpp6l37s1.dll
C:\WINDOWS\system32\h0n00a5med.dll
C:\WINDOWS\system32\h24mlch11f4.dll
C:\WINDOWS\system32\hrnm0551e.dll
C:\WINDOWS\system32\hrp0057me.dll
C:\WINDOWS\system32\i4060edseh060.dll
C:\WINDOWS\system32\i460lejm1hoa.dll
C:\WINDOWS\system32\i4jq0e15eh.dll
C:\WINDOWS\system32\ir04l5dq1.dll
C:\WINDOWS\system32\irlul5391.dll
C:\WINDOWS\system32\jt6807jue.dll
C:\WINDOWS\system32\jt8407lqe.dll
C:\WINDOWS\system32\k6080gdue6080.dll
C:\WINDOWS\system32\krdcr.dll
C:\WINDOWS\system32\ktn6l75s1.dll
C:\WINDOWS\system32\l60ulgd9160.dll
C:\WINDOWS\system32\lpcalsec.dll
C:\WINDOWS\system32\lvr8099ue.dll
C:\WINDOWS\system32\m6ju0g19e6.dll
C:\WINDOWS\system32\mhexcl40.dll
C:\WINDOWS\system32\mjcorier.dll
C:\WINDOWS\system32\mv0ol9d31.dll
C:\WINDOWS\system32\mxrd3x40.dll
C:\WINDOWS\system32\nelanman.dll
C:\WINDOWS\system32\o0pqla751d.dll
C:\WINDOWS\system32\p0p60a7sed.dll
C:\WINDOWS\system32\p24ulch91f4.dll
C:\WINDOWS\system32\pHpgraph.dll
C:\WINDOWS\system32\r08slal71dq.dll
C:\WINDOWS\system32\rGsppp.dll
C:\WINDOWS\system32\rnvpmsg.dll
C:\WINDOWS\system32\t08u0al9edq.dll
C:\WINDOWS\system32\ugl.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\whwfaxui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\InprocServer32]
@="C:\\WINDOWS\\system32\\cobjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\InprocServer32]
@="C:\\WINDOWS\\system32\\dQd9.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxapsspc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\InprocServer32]
@="C:\\WINDOWS\\system32\\rnvpmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\InprocServer32]
@="C:\\WINDOWS\\system32\\lpcalsec.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nelanman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhexcl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\InprocServer32]
@="C:\\WINDOWS\\system32\\cimsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\InprocServer32]
@="C:\\WINDOWS\\system32\\ugl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\InprocServer32]
@="C:\\WINDOWS\\system32\\dpmstor.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\InprocServer32]
@="C:\\WINDOWS\\system32\\gjkrsrc.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}"=-
"{6B172929-E998-4E8D-B038-904543FA36A9}"=-
"{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}"=-
"{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}"=-
"{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}"=-
"{E708D47B-17F1-4751-8A0F-799C1754B3B9}"=-
"{76DF4805-E5DC-40F1-BE65-3A2800E585F2}"=-
"{B7CFD13D-3164-4A7F-B52E-7271E250B792}"=-
"{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}"=-
"{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}"=-
"{52B3FBD9-13B6-4489-9341-B32DC61C2620}"=-
"{16D7F218-5FC8-43E4-B53E-17229F849963}"=-
"{77399226-C1EC-4D99-98D3-47FCDB7F9470}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}]
[-HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}]
[-HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}]
[-HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}]
[-HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}]
[-HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}]
[-HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}]
[-HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}]
[-HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}]
[-HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}]
[-HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}]
[-HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}]
[-HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:

And my new HJT

Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6807jue.dll (file missing)
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Yonex
Active Member
 
Posts: 4
Joined: February 20th, 2006, 12:08 am

by Rogue » February 20th, 2006, 8:30 pm

Hi Yonex,

You have done very well. :)

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6807jue.dll (file missing)

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
==========

Please print the instructions below or copy and paste to Notepad since you will not have internet access while in safe mode.
Then reboot your computer.
As soon as it starts to boot, rapidly press the F8 key.
Select Safe Mode from the menu.
If you are still unsure, see here
==========

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
==========

Run ewido Malware Remover

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
Select "none" as the action. Check "Perform action with all infections".
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!
==========

Run an online virus scan called Kaspersky from here.

1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next">"Scan Settings", and make sure the database is set to "extended", and check both the scan options. Then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.

Post a new HJT Log
Post ewido log
Post Kaspersky Log
Are you still having popups or other problems?

Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

by Nellie2 » March 7th, 2006, 4:01 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free, but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK